From a955ed6477ff204f03636061cf8cfae091d013c9 Mon Sep 17 00:00:00 2001
From: Kovah <mail@kovah.de>
Date: Thu, 26 Sep 2019 20:12:54 +0200
Subject: [PATCH] Add notice about port binding and overriding of UFW to docker
 run reference

Signed-off-by: Kovah <mail@kovah.de>
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
---
 docs/reference/commandline/run.md | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/docs/reference/commandline/run.md b/docs/reference/commandline/run.md
index 47d1bbf6c8..b007042bde 100644
--- a/docs/reference/commandline/run.md
+++ b/docs/reference/commandline/run.md
@@ -352,6 +352,11 @@ machine. You can also specify `udp` and `sctp` ports.
 The [Docker User Guide](https://docs.docker.com/engine/userguide/networking/default_network/dockerlinks/)
 explains in detail how to manipulate ports in Docker.
 
+Note that ports which are not bound to the host (i.e., `-p 80:80` instead of
+`-p 127.0.0.1:80:80`) will be accessible from the outside. This also applies if
+you configured UFW to block this specific port, as Docker manages his
+own iptables rules. [Read more](https://docs.docker.com/network/iptables/)
+
 ```bash
 $ docker run --expose 80 ubuntu bash
 ```